mirror/cJSON
1
0
Fork 0
mirror of https://github.com/DaveGamble/cJSON.git synced 2023-08-10 21:13:26 +03:00
Code Issues Projects Releases Wiki Activity

fix insufficient check in cJSON_DetachItemViaPointer

Browse Source 
cJSON_DetachItemViaPointer() will crash if the detached item has field `prev` is null.
The common suitation scenario is the detached item is created by cJSON_Create* APIs
and directly pass it to cJSON_DetachItemViaPointer(object, item) call without adding
item to object previously. Then the cJSON_DetachItemViaPointer() will crash because
it does not check whether the passed item has valid `prev` field.

As detach a non-existent item is an undesirable behavior, instead of raising an uneasy core dump,
this commit adds the NULL check of `item->prev` in cJSON_DetachItemViaPointer
and return NULL to inform user such unexpect behavior (as user will routinely free/handle the
detached resources later).

Signed-off-by: hopper-vul <hopper.vul@gmail.com>
This commit is contained in:
hopper-vul 2022-12-13 15:40:38 +08:00
parent b45f48e600
commit 520af49393
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cJSON.c
View File

@ -2186,7 +2186,7 @@ CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * c
CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item)
{
if ((parent == NULL) || (item == NULL))
if ((parent == NULL) || (item == NULL) || (item->prev == NULL))
{
return NULL;
}